Display database information securely

4

What kind of encryption should I use to encrypt a CPF in the database and then display that same (decrypted) CPF for the client in a secure way?

    
asked by anonymous 16.02.2015 / 23:16

1 answer

4

Security is a complex subject, do not just choose a "cryptographic type" and everything will be safe. There are several ways to use the same feature and be safe or not.

You may want to use MySQL encryption if this database is you are using. I would not know which is best for your case. I could kick that AES_ENCRYPT() is a good one. I do not know if it would have advantages if I did the encryption work for PHP.

If you still want to use PHP, you can study mcrypt . It is complex and has many options. No one can say which one is right for you.

Of course, showing to the "client" safely involves another problem. The connection needs to be secure. It is no use sending this decrypted information. Usually the HTTPS protocol is used using SSL / TLS encryption that is transparent to your application.

But there may still be a problem in the short period that the data is decrypted on your server. Usually this is not considered a big problem because if your server is vulnerable so that someone has access, the problem is different and it is bigger.

    
16.02.2015 / 23:31